Documentation ¶
Overview ¶
Copyright Contributors to the Open Cluster Management project
Copyright Contributors to the Open Cluster Management project ¶
Copyright Contributors to the Open Cluster Management project ¶
Copyright Contributors to the Open Cluster Management project ¶
Copyright Contributors to the Open Cluster Management project ¶
Copyright Contributors to the Open Cluster Management project ¶
Copyright Contributors to the Open Cluster Management project ¶
Copyright Contributors to the Open Cluster Management project
Index ¶
- Constants
- func CABundlePath(dir string) string
- func CACertPath(dir string) string
- func CAKeyPath(dir string) string
- func CASerialsPath(dir string) string
- func ClientCertPath(dir string) string
- func ClientKeyPath(dir string) string
- func IsCertShortLived(c *x509.Certificate) bool
- func IsSignerNotFoundError(err error) bool
- func PeerCertPath(dir string) string
- func PeerKeyPath(dir string) string
- func ServingCertPath(dir string) string
- func ServingKeyPath(dir string) string
- func WhenToRotateAtEarliest(cs *CertificateChains) ([]string, time.Time, error)
- type CAInfo
- func (i *CAInfo) EnsureCA() (ca *crypto.CA, err error)
- func (i *CAInfo) SetCertFile(file string) *CAInfo
- func (i *CAInfo) SetKeyFile(file string) *CAInfo
- func (i *CAInfo) SetSerialFile(file string) *CAInfo
- func (i *CAInfo) SetSignerName(name string) *CAInfo
- func (i *CAInfo) SetValidityDays(duration int) *CAInfo
- type CSRInfo
- type CSRMeta
- type CertWalkFunc
- type CertificateChains
- func (cs *CertificateChains) GetCertKey(certPath ...string) ([]byte, []byte, error)
- func (cs *CertificateChains) GetSigner(signerPath ...string) *CertificateSigner
- func (cs *CertificateChains) GetSignerNames() []string
- func (cs *CertificateChains) Regenerate(certPath ...string) error
- func (cs *CertificateChains) WalkChains(rootPath []string, fn CertWalkFunc) error
- type CertificateChainsBuilder
- type CertificateSigner
- func (s *CertificateSigner) AddToBundles(bundlePaths ...string) error
- func (s *CertificateSigner) GetCertKey(subjectName string) ([]byte, []byte, error)
- func (s *CertificateSigner) GetCertNames() []string
- func (s *CertificateSigner) GetSignerCertPEM() ([]byte, error)
- func (s *CertificateSigner) GetSubCA(signerName string) *CertificateSigner
- func (s *CertificateSigner) GetSubCANames() []string
- func (s *CertificateSigner) Regenerate(certPath ...string) error
- func (s *CertificateSigner) SignCertificate(csrInfo CSRInfo) error
- func (s *CertificateSigner) SignClientCertificate(signInfo *ClientCertificateSigningRequestInfo) error
- func (s *CertificateSigner) SignPeerCertificate(signInfo *PeerCertificateSigningRequestInfo) error
- func (s *CertificateSigner) SignServingCertificate(signInfo *ServingCertificateSigningRequestInfo) error
- func (s *CertificateSigner) SignSubCA(subSignerInfo CertificateSignerBuilder) error
- type CertificateSignerBuilder
- type ClientCertificateSigningRequestInfo
- type PeerCertificateSigningRequestInfo
- type ServingCertificateSigningRequestInfo
- type SignerInfo
- type SignerNotFound
- type SigningConfig
Constants ¶
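// File names and default validity periods used by this package.
//
// The declaration was collapsed onto a single line without statement
// separators, which is not valid Go; it is restored here one constant per
// line with the values unchanged.
//
// NOTE(review): the package also exports per-file path helpers taking a
// directory (CACertPath, CAKeyPath, ServingCertPath, ...); presumably they
// join that directory with the names below — confirm against the source.
const (
	// Files belonging to a signer (CA).
	// NOTE(review): "ca.key" presumably holds the CA private key; anything
	// written under that name should be readable only by the signing
	// process — confirm the file mode used by the writer.
	CACertFileName    = "ca.crt"
	CAKeyFileName     = "ca.key"
	CABundleFileName  = "ca-bundle.crt"
	CASerialsFileName = "serial.txt"

	// Certificate / key file pairs for serving, client and peer certificates.
	// NOTE(review): the "*.key" names presumably hold private keys and
	// deserve the same restrictive permissions as the CA key — confirm.
	ServerCertFileName = "server.crt"
	ServerKeyFileName  = "server.key"
	ClientCertFileName = "client.crt"
	ClientKeyFileName  = "client.key"
	PeerCertFileName   = "peer.crt"
	PeerKeyFileName    = "peer.key"

	// Validity periods in days: 3650 (ten 365-day years, leap days ignored)
	// and 365.
	// NOTE(review): a ten-year certificate will not be replaced by expiry
	// in any useful time frame, so rotation has to be planned explicitly;
	// how IsCertShortLived and WhenToRotateAtEarliest use these values is
	// not shown here — confirm.
	LongLivedCertificateValidityDays  = 365 * 10
	ShortLivedCertificateValidityDays = 365
)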
Variables ¶
This section is empty.
Functions ¶
func CABundlePath ¶
func CACertPath ¶
func CASerialsPath ¶
func ClientCertPath ¶
func ClientKeyPath ¶
func IsCertShortLived ¶
func IsCertShortLived(c *x509.Certificate) bool
func IsSignerNotFoundError ¶
func PeerCertPath ¶
func PeerKeyPath ¶
func ServingCertPath ¶
func ServingKeyPath ¶
func WhenToRotateAtEarliest ¶
func WhenToRotateAtEarliest(cs *CertificateChains) ([]string, time.Time, error)
Types ¶
type CAInfo ¶
// CAInfo holds settings for a CA. Its fields are unexported; per the package
// index it is configured through SetCertFile, SetKeyFile, SetSerialFile,
// SetSignerName and SetValidityDays (each returns *CAInfo, so calls can be
// chained), and EnsureCA returns a *crypto.CA and an error.
// NOTE(review): whether EnsureCA loads an existing CA from the configured
// files or generates a new one is not shown on this page — confirm before
// relying on either behavior, since silently minting a new CA changes the
// trust root.
type CAInfo struct {
// contains filtered or unexported fields
}
func (*CAInfo) SetCertFile ¶
func (*CAInfo) SetKeyFile ¶
func (*CAInfo) SetSerialFile ¶
func (*CAInfo) SetSignerName ¶
func (*CAInfo) SetValidityDays ¶
type CertWalkFunc ¶
// CertWalkFunc is the callback type accepted by CertificateChains.WalkChains.
// It receives a certificate path (certPath) and the certificate itself, passed
// by value, and returns an error.
// NOTE(review): how WalkChains reacts to a non-nil error (stop or continue)
// is not shown here — confirm.
type CertWalkFunc func(certPath []string, c x509.Certificate) error
type CertificateChains ¶
// CertificateChains is the value returned by CertificateChainsBuilder.Complete.
// Its methods look up signers (GetSigner, GetSignerNames), return certificate
// and key bytes (GetCertKey), regenerate material (Regenerate) and walk the
// chain tree (WalkChains).
// NOTE(review): GetCertKey returns two byte slices, presumably the
// certificate and its private key; callers should treat the second as secret
// (no logging, no world-readable persistence) — confirm the order and
// encoding against the source.
type CertificateChains struct {
	// SigningConfig is the configuration used for signing; Complete takes a
	// *SigningConfig, presumably the one stored here — confirm.
	SigningConfig *SigningConfig
	// contains filtered or unexported fields
}
func (*CertificateChains) GetCertKey ¶
func (cs *CertificateChains) GetCertKey(certPath ...string) ([]byte, []byte, error)
func (*CertificateChains) GetSigner ¶
func (cs *CertificateChains) GetSigner(signerPath ...string) *CertificateSigner
func (*CertificateChains) GetSignerNames ¶
func (cs *CertificateChains) GetSignerNames() []string
func (*CertificateChains) Regenerate ¶
func (cs *CertificateChains) Regenerate(certPath ...string) error
func (*CertificateChains) WalkChains ¶
func (cs *CertificateChains) WalkChains(rootPath []string, fn CertWalkFunc) error
WalkChains traverses the trust chain starting at `rootPath` and applies `fn` to every certificate in the chain tree.
type CertificateChainsBuilder ¶
// CertificateChainsBuilder assembles a CertificateChains value. It is
// obtained from NewCertificateChains; the With* methods return the builder so
// calls can be chained, and Complete produces the result.
type CertificateChainsBuilder interface {
	// WithSigners adds the given signer builders.
	WithSigners(signers ...CertificateSignerBuilder) CertificateChainsBuilder
	// WithCABundle associates a bundle path with signers. Each variadic
	// argument is a []string, presumably a signer path of the kind GetSigner
	// accepts — confirm.
	// NOTE(review): every signer added to a bundle is presumably trusted by
	// whoever consumes that bundle, so the list should be kept minimal.
	WithCABundle(bundlePath string, signerNames ...[]string) CertificateChainsBuilder
	// Complete builds the CertificateChains using cfg, or returns an error.
	Complete(cfg *SigningConfig) (*CertificateChains, error)
}
func NewCertificateChains ¶
func NewCertificateChains(signers ...CertificateSignerBuilder) CertificateChainsBuilder
type CertificateSigner ¶
// CertificateSigner is the value returned by CertificateSignerBuilder.Complete
// and by CertificateChains.GetSigner. Per the package index it can sign
// client, serving and peer certificates and sub-CAs (SignClientCertificate,
// SignServingCertificate, SignPeerCertificate, SignSubCA, SignCertificate),
// add itself to bundles (AddToBundles) and return certificate/key bytes
// (GetCertKey, GetSignerCertPEM).
// NOTE(review): GetCertKey returns two byte slices, presumably certificate
// and private key; handle the key bytes as secret material — confirm.
type CertificateSigner struct {
// contains filtered or unexported fields
}
func (*CertificateSigner) AddToBundles ¶
func (s *CertificateSigner) AddToBundles(bundlePaths ...string) error
func (*CertificateSigner) GetCertKey ¶
func (s *CertificateSigner) GetCertKey(subjectName string) ([]byte, []byte, error)
func (*CertificateSigner) GetCertNames ¶
func (s *CertificateSigner) GetCertNames() []string
func (*CertificateSigner) GetSignerCertPEM ¶
func (s *CertificateSigner) GetSignerCertPEM() ([]byte, error)
func (*CertificateSigner) GetSubCA ¶
func (s *CertificateSigner) GetSubCA(signerName string) *CertificateSigner
func (*CertificateSigner) GetSubCANames ¶
func (s *CertificateSigner) GetSubCANames() []string
func (*CertificateSigner) Regenerate ¶
func (s *CertificateSigner) Regenerate(certPath ...string) error
func (*CertificateSigner) SignCertificate ¶
func (s *CertificateSigner) SignCertificate(csrInfo CSRInfo) error
func (*CertificateSigner) SignClientCertificate ¶
func (s *CertificateSigner) SignClientCertificate(signInfo *ClientCertificateSigningRequestInfo) error
func (*CertificateSigner) SignPeerCertificate ¶
func (s *CertificateSigner) SignPeerCertificate(signInfo *PeerCertificateSigningRequestInfo) error
func (*CertificateSigner) SignServingCertificate ¶
func (s *CertificateSigner) SignServingCertificate(signInfo *ServingCertificateSigningRequestInfo) error
func (*CertificateSigner) SignSubCA ¶
func (s *CertificateSigner) SignSubCA(subSignerInfo CertificateSignerBuilder) error
type CertificateSignerBuilder ¶
// CertificateSignerBuilder assembles a CertificateSigner. It is obtained from
// NewCertificateSigner; the With* methods return the builder so calls can be
// chained, and Complete produces the signer. It embeds SignerInfo.
type CertificateSignerBuilder interface {
	SignerInfo
	// WithSignerConfig supplies a *crypto.CA for the signer.
	WithSignerConfig(config *crypto.CA) CertificateSignerBuilder
	// WithSubCAs adds subordinate signers below this one.
	WithSubCAs(subCAsInfo ...CertificateSignerBuilder) CertificateSignerBuilder
	// WithClientCertificates adds client certificate requests.
	WithClientCertificates(signInfos ...*ClientCertificateSigningRequestInfo) CertificateSignerBuilder
	// WithServingCertificates adds serving certificate requests.
	WithServingCertificates(signInfos ...*ServingCertificateSigningRequestInfo) CertificateSignerBuilder
	// WithPeerCertificiates adds peer certificate requests. The method name
	// is spelled "Certificiates" in the published interface; callers must use
	// that spelling.
	WithPeerCertificiates(signInfos ...*PeerCertificateSigningRequestInfo) CertificateSignerBuilder
	// WithCABundlePaths sets one or more bundle paths for this signer.
	WithCABundlePaths(bundlePath ...string) CertificateSignerBuilder
	// WithCAInfo supplies a *CAInfo for the signer.
	// NOTE(review): how this interacts with WithSignerConfig when both are
	// set is not shown here — confirm which one wins.
	WithCAInfo(info *CAInfo) CertificateSignerBuilder
	// Complete builds the CertificateSigner, or returns an error.
	Complete() (*CertificateSigner, error)
}
func NewCertificateSigner ¶
func NewCertificateSigner(signerName, signerDir string, validityDays int) CertificateSignerBuilder
NewCertificateSigner returns a builder object for a certificate chain for the given signer
type ClientCertificateSigningRequestInfo ¶
func (*ClientCertificateSigningRequestInfo) GetMeta ¶
func (i *ClientCertificateSigningRequestInfo) GetMeta() CSRMeta
type PeerCertificateSigningRequestInfo ¶
func (*PeerCertificateSigningRequestInfo) GetMeta ¶
func (i *PeerCertificateSigningRequestInfo) GetMeta() CSRMeta
type ServingCertificateSigningRequestInfo ¶
func (*ServingCertificateSigningRequestInfo) GetMeta ¶
func (i *ServingCertificateSigningRequestInfo) GetMeta() CSRMeta
type SignerInfo ¶
type SignerNotFound ¶
// SignerNotFound is an error type: *SignerNotFound has an Error() string
// method and is constructed with NewSignerNotFound(signerName).
// NOTE(review): IsSignerNotFoundError(err) is presumably the intended way to
// test for it; whether that check unwraps wrapped errors is not shown here —
// confirm.
type SignerNotFound struct {
// contains filtered or unexported fields
}
func NewSignerNotFound ¶
func NewSignerNotFound(signerName string) *SignerNotFound
func (*SignerNotFound) Error ¶
func (e *SignerNotFound) Error() string
type SigningConfig ¶
// SigningConfig is the configuration passed to
// CertificateChainsBuilder.Complete and exposed as
// CertificateChains.SigningConfig.
type SigningConfig struct {
// NOTE(review): presumably the API server host name; how it is used during
// signing (for example as a subject alternative name) is not shown on this
// page — confirm, and validate the value if it can come from outside.
ApiHost string
}